Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.4 MEDIUM
CVE-2025-12159 — Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and including, 5.4.8 due to insufficient in…

bold_page_builder | Remote | Cross-Site Scripting
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
6.5 MEDIUM
CVE-2026-2074 — O2OA HTTP POST Request check xml external entity reference

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation le…

o2oa | Remote | XML External Entity
Feb 07, 2026 Feb 17, 2026
Feb 07, 2026
Feb 17, 2026
9.8 CRITICAL
CVE-2026-2073 — itsourcecode School Management System index.php sql injection

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lea…

school_management_system school_management_system | Remote | Injection
Feb 07, 2026 Feb 12, 2026
Feb 07, 2026
Feb 12, 2026
6.8 MEDIUM
CVE-2025-31990 — HCL DevOps Velocity is susceptible to a Denial of Service vulnerability

Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, over…

Remote | Denial of Service
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
Showing 20 of 4984 Results